GHSA-7pqv-wj3v-fcq3HighCVSS 8.8
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing...
🔗 CVE IDs covered (1)
📋 Description
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.